package com.ygqh.baby.shiro.credentials;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

public class YgFormAuthenticationFilter extends FormAuthenticationFilter {

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		if (isLoginRequest(request, response)) {
			if (isLoginSubmission(request, response)) {
				return executeLogin(request, response);
			} else {
				return true;
			}
		} else {
			HttpServletRequest ajaxrequest = WebUtils.toHttp(request);
			if (ajaxrequest.getHeader("X-Requested-With") != null && "XMLHttpRequest".equals(ajaxrequest.getHeader("X-Requested-With").toString())) {
				HttpServletResponse res = WebUtils.toHttp(response);
				res.setHeader("loginStatus", "accessDenied");
			} else {
				saveRequestAndRedirectToLogin(request, response);
			}
			return false;
		}
	}
	
}
